SHA256: bcae5b59eef951338360e461038920511bb16e667f3a7595c42fe86ca9035c9c
File name: SecureMessage - Copy.exe
Detection ratio: 8 / 51
Analysis date: 2014-03-19 16:19:20 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Commtouch W32/Trojan.BVFV-9085 20140319
ESET-NOD32 Win32/TrojanDownloader.Waski.A 20140319
F-Prot W32/Trojan3.HUS 20140319
Ikarus Trojan-PWS.Tepfer 20140319
McAfee Artemis!356E1EF16844 20140319
McAfee-GW-Edition Artemis!356E1EF16844 20140319
Qihoo-360 HEUR/Malware.QVM20.Gen 20140319
Symantec Trojan Horse 20140319
Ad-Aware 20140319
AegisLab 20140319
Yandex 20140319
AhnLab-V3 20140319
AntiVir 20140319
Antiy-AVL 20140319
Avast 20140319
AVG 20140319
Baidu-International 20140319
BitDefender 20140319
Bkav 20140318
ByteHero 20140319
CAT-QuickHeal 20140319
ClamAV 20140319
CMC 20140319
Comodo 20140319
DrWeb 20140319
Emsisoft 20140319
F-Secure 20140319
Fortinet 20140319
GData 20140319
Jiangmin 20140319
K7AntiVirus 20140319
K7GW 20140319
Kaspersky 20140319
Kingsoft 20140319
Malwarebytes 20140319
Microsoft 20140319
eScan 20140319
NANO-Antivirus 20140319
Norman 20140319
nProtect 20140319
Panda 20140319
Rising 20140319
Sophos AV 20140319
SUPERAntiSpyware 20140319
TheHacker 20140319
TotalDefense 20140319
TrendMicro 20140319
TrendMicro-HouseCall 20140319
VBA32 20140319
VIPRE 20140319
ViRobot 20140319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-25 14:24:29
Entry Point 0x000015B6
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
GetModuleHandleA
GetTickCount
CloseHandle
CreateDirectoryA
GetMessageA
CharLowerA
ShowCursor
SetWindowTextA
DispatchMessageA
EndDialog
ScrollWindow
PostMessageA
SendMessageA
MessageBoxA
GetDlgItem
DestroyCursor
TranslateMessage
DialogBoxParamA
DestroyMenu
SetScrollInfo
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:11:25 06:24:29-08:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x15b6
InitializedDataSize 15360
SubsystemVersion 5.1
ImageVersion 5.1
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 356e1ef16844cee4f7f6a4df0e0bcd5e
SHA1 3c92f638a857f230a885876b26ea0fc742bda038
SHA256 bcae5b59eef951338360e461038920511bb16e667f3a7595c42fe86ca9035c9c
ssdeep 192:HxXVYQaAEPd5Bp0nwzYhpDBC26U9+K+JZnjy0whhZznfpfXzfm/+8PPchLj+QkCI:m/zYMPBchD+1sPkCh7+
authentihash 92bd18147877b545f97ee5bc76c5868688aa4f3d4815bdf8d80338b807a385e4
imphash 19d1592778ca0d99cb29f88450b74688
File size 20.0 KB ( 20480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-03-19 12:41:20 UTC ( 5 years, 2 months ago )
Last submission 2015-06-12 12:14:05 UTC ( 3 years, 11 months ago )
File names SecureMessage - Copy.exe
356e1ef16844cee4f7f6a4df0e0bcd5e.scr
SecureMessage.scr
c-53892-2507-1395232742
vti-rescan
file-6741904_scr
64.exe
WL-0b7e9dbea3953b96b745ae2f5094715c-0
356e1ef16844cee4f7f6a4df0e0bcd5e
356e1ef16844cee4f7f6a4df0e0bcd5e.exe
007923026
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications